PCI Compliance doesn't like the Desktop Services Store

Josh Sherman
1 min read
Servers / Serverless Web Servers

The Desktop Services Store (DS_Store) as you probably already know, is a file that stores some metadata about the files in a directory in the OS X. I’ve taken a look at them, they seem pretty harmless, but in the realm of PCI Compliance they are a medium risk because they can reveal the directory structure (which could very well be innocuous depending on the site). Like most of the PCI Compliancy challenges I’ve faced, it’s a pretty simple fix:

Apache

<Files "^\.">
    Order deny,allow
    Deny from all
</Files>

Nginx

location ~ /\.
{
    deny all;
}

Note, the above examples will deny access to all hidden files (.htaccess, .DS_Store, et cetera)

Join the Conversation

Good stuff? Want more?

Weekly emails about technology, development, and sometimes sauerkraut.

100% Fresh, Grade A Content, Never Spam.

About Josh

Husband. Father. Pug dad. Born again Linux user. Founder of Holiday API, Backend Engineering Manager and Emoji Specialist at Mailshake (WE'RE HIRING!), and author of the best damn Lorem Ipsum Library for PHP.

Currently Reading

Pears and Perils
Antifragile: Things That Gain from Disorder
Code Girls: The Untold Story of the American Women Code Breakers of World War II

Previous Reads

Buy Me a Coffee Become a Sponsor

Related Articles